iPad Pro w/ Magic KB, Surface Go 2, or $350 Off with OnDemand Training - Register Now


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

How to Build Account Harvesters and Password Guessers with Python

  • Friday, April 03, 2015 at 3:00 PM EDT (2015-04-03 19:00:00 UTC)
  • Michael Murr, Ed Skoudis

You can now attend the webcast using your mobile device!



Join SANS instructor Mike Murr as he shows you how to enhance your pen tests by building custom tools in Python. Specifically, Mike will show you how to build an account harvester and password guesser for web applications. You'll learn the process from start to finish for designing, building, and using custom tools. By attending this webcast, you'll be able to add some new (custom) tools to your pen test toolbox.

Speaker Bios

Ed Skoudis

Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.

Michael Murr

Mike is a consultant with Social Exploits LLC, a consulting firm specializing in the human element of security. Mike has performed digital investigations, incident response, malware analysis, and penetration tests for the government and private sectors. His teaching experience includes SEC401, SEC504, SEC560, FOR408, FOR508, and FOR610. On the human side, Mike has experience in elicitation, interviewing, and interrogation. He is also trained and certified in the use of the Facial Action Coding System (FACS).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.